Risky Business #710 -- Why your corporate VPN will get you owned

On this week’s show Patrick Gray and Adam Boileau discuss the week’s security news. They cover:

• Fortinet 0day Groundhog Day
• CISA’s new binding directive on exposed management interfaces
• Confirmed: US intelligence buying commercially available data
• MOVEit drama rolls on
• Much, much more

This week’s show is brought to you by Red Canary. Chris Rothe is this week’s sponsor guest and he joins us to talk about how MDR providers are helping customers deal with cloud monitoring.

Links to everything that we discussed are below and you can follow Patrick or Adam on Mastodon if that’s your thing.

Show notes

• Fortinet Warns Customers of Possible Zero-Day Exploited in Limited Attacks - SecurityWeek
• Barracuda Urges Replacing — Not Patching — Its Email Security Gateways – Krebs on Security
• MOVEit announces second vulnerability; Minnesota schools agency breached with original bug
• Confidential data downloaded from UK regulator Ofcom in cyberattack
• Ransomware group Clop issues extortion notice to ‘hundreds’ of victims
• Another huge US medical data breach confirmed after Fortra mass-hack | TechCrunch
• CISA orders US civilian agencies to remove tools from public-facing internet
• Microsoft says Azure disrupted after a week of repeated service outages | Cybersecurity Dive
• Microsoft says Azure outage was caused by ‘anomalous’ traffic spike
• Microsoft investigating threat actor claims following multiple outages in 365, OneDrive | Cybersecurity Dive
• Risky Biz News: Ukrainian hackers wipe equipment of major Russian telco
• U.S. Spy Agencies Buy Vast Quantities of Americans’ Personal Data, U.S. Says - WSJ
• The US Is Openly Stockpiling Dirt on All Its Citizens | WIRED
• Srsly Risky Biz: Thursday, July 29 - by Tom Uren
• National security officials make case for keeping surveillance powers to skeptical Congress - The Washington Post
• Senators say Biden administration isn’t close on overhauling surveillance law
• Russian nationals accused of Mt. Gox bitcoin heist, shifting stolen funds to BTC-e
• North Korean hacking group Lazarus linked to $35 million cryptocurrency heist
• North Korean hackers stole $100 million in recent cryptocurrency heist -analysts | Reuters
• An Illinois hospital links closure to ransomware attack
• Security professional's tweet forces big change to Google email authentication | CyberScoop
• Can you trust ChatGPT’s package recommendations?